Why Improving Incident Response Times is the Key to Preventing Loss

We’ve all heard the phrase “time is money,” but when it comes to security incident responses, lost time isn’t just lost revenue — it can also mean a loss of new business, loss of existing customers, loss of critical data, and a loss of brand reputation. In fact, the inability to respond to email and other cyberattacks is resulting in billions of dollars of losses each year for affected businesses.

Because the threat landscape is continually evolving, identifying and removing these email-based threats is often a slow, manual, and resource-intensive process. The longer it takes to root out malicious emails, the farther they can spread and the more damage they can cause.

Over the past three years, for example, losses just from business email compromise attacks have mounted to more than $26 billion. With more and more targeted spear phishing attacks on the rise, it will become harder to spot these threats. That means a fast, automated incident response system is critical to preventing loss.

Yet, while email-based security threats spread and evolve rapidly, response times are not keeping pace. According to a recent Barracuda survey, businesses take three and a half hours (or 212 minutes) on average to remediate an attack, and 11 percent of businesses can take longer than six hours to fully investigate and remediate a problem.

Further, a recent report from Verizon found 4 percent of targets of a given phishing campaign will click on a malicious link. For most phishing campaigns, it takes roughly 16 minutes before someone clicks on that link. The first report of a problem from an end user will arrive, on average, after 28 minutes. If it takes hours before there is a response from IT or a service provider, these attacks can spread quickly before they are detected and addressed. The farther the attack spreads, the longer the remediation process takes.

 

The Need for Automation

In its research, Barracuda looked at the outcome of email threat scans of 383,790 mailboxes across 654 organizations over a 30-day period using the Barracuda Email Threat Scanner, a free tool that organizations can use to analyze their Office 365 environments and detect threats that got past their email gateways.

The results were alarming. Over a 30-day period, these scans identified almost 500,000 malicious messages in the surveyed inboxes. On average, each organization had more than 700 malicious emails that landed in users’ inboxes. At more than three hours of remediation work for each campaign, these companies would need days or weeks to address that volume of attacks.

Compounding the difficulty of addressing email-based attacks is the high level of end user reported incidents. Barracuda customers, on average, responded to five email-related security incidents every day. That eats up at least 17 hours of labor in response and remediation work that might otherwise be spent on more value-added tasks. Because IT departments are usually strapped for resources, they have to pick and choose which incidents to fully address first.

Having to prioritize those manual responses leaves businesses vulnerable. Automated monitoring and response solutions are critical for addressing the overwhelming volume of email-based attacks, particularly new types of attacks that are designed to bypass traditional security gateways and filtering solutions.

First, organizations should automate the assessment of their email vulnerabilities. Tools like the Barracuda Email Threat Scanner (which integrates with Office 365) can find malicious emails and social engineering-based attacks that are frequently missed by email gateways. Using this type of solution can help IT departments and managed security services providers get a better gauge of existing vulnerabilities and which types of threats will require investigation.

Companies can also leverage AI-based protection against spear phishing and account takeover attacks. This type of system can integrate directly into Office 365 to find threats that are designed to bypass traditional security gateways, and it can also learn a company’s unique communication patterns to better detect potential phishing and account takeover attacks. These solutions run automatically in the background to block these emails from reaching users.

An automated incident response solution can also help security specialists quickly address any threats found in users’ inboxes during the email scan. This also makes remediation more efficient for all messages in the future. A forensic solution can help respond quickly to attacks and stop the damage in a few minutes, identify anomalies that may indicate emerging threats, and use the intelligence gathered from those responses to block future potential malicious emails.

According to Barracuda’s research, automated incident response can help reduce response times by 95 percent on average. Based on surveys of existing customers, 78 percent of these organizations have achieved response times of less than 10 minutes. With five incidents reported each day, the time to address them is cut down to less than an hour.

With automation, organizations can improve their security response times, which limits the damage (and associated costs) following an attack. These solutions also make it easier for IT departments to optimize resource utilization and spend more time creating value for the entire organization. After all, time is money.

Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.

Modular Malware Attacks Grow in Frequency

Although it is not a new threat, modular malware is quickly increasing in frequency. Since the start of 2019, Barracuda Labs has identified more than 150,000 unique malicious files. Modular malware is malware with an even more dangerous twist: these robust and evasive attacks are launched in stages, adapting their tactics by analyzing the target’s environment and defenses.

Unlike traditional malware where malicious files are widely distributed as spam, modular malware has evolved to adapt depending on the environment it is trying to compromise. It starts with an initial payload, and once it is established on a system, it connects to a remote command and control (C2) server for additional payloads. A command and control server is a shadow network that attackers use to maintain communications on compromised systems. As information is exchanged between the C2 server and the system, additional payloads can be launched or retracted if a sandbox or an analysis environment is detected. This growing attack continues to be dangerous because malware authors are continually testing different methods to improve their success.

Defending your customers’ networks

To protect your customers from modular malware and other threats as they emerge and become more sophisticated, it is best to implement a multi-layered security strategy that covers any potential gaps.

Strengthen your customers’ human firewall. Often, the weakest link isn’t the security tools you have in place, it is the employees themselves. Launch a security awareness program to educate users on security best practices on how to identify and report suspicious emails, links, or attachments. By doing this, you can also easily identify users who might be susceptible to falling for attacks, so you can further educate them on cybersecurity best practices. This is a great way to demonstrate your value to your clients.

Launch a stronger gateway defense. Incorporate solutions that leverage advanced inbound and outbound security techniques, such as malware detection, spam filters, and sandboxing. Advanced filtering capabilities, like static and dynamic analysis, can help block malicious attachments from reaching an inbox and flag them before they start downloading the executable. If the user were to open a malicious file or click a link to a drive-by download, an advanced firewall with malware analysis can flag the threat as it tries to enter the network. By pairing advanced solutions together, you can maximize the protection you’re applying to your customers’ networks.

Leverage artificial intelligence. Look to incorporate solutions that can detect anomalies and use DMARC authentication to validate emails. Account takeover attacks, for example, are becoming more prevalent, and can be difficult to detect, since they are carried out using a legitimate email address that the recipient is likely familiar with. Solutions like Barracuda Sentinel, which use artificial intelligence to identify changes in communication patterns (such as an email signed off with an initial versus the nickname that is typically used), add a powerful tool to your security stack. An AI-based tool like Sentinel continuously learns communication patterns so that it can pick up on slight differences that could be hard for the average person to notice.

IT professionals know that cybercriminals are getting smarter in how they deliver and execute their attacks. However, your customers may not realize quite the risk this poses to them, or all the ways in which they are susceptible. By leveraging a multi-layered security strategy and assessing your customers’ network security often, you can help.

Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.

Protecting your SMB Customers from Tax Scams

The April 15 filing deadline is looming, and so far, the 2019 tax season has been a lively one. Businesses and individual filers alike have been struggling to understand the full ramifications of the significant changes made to the tax code in 2018 under the Tax Cuts and Jobs Act of 2017. Additionally, a government shutdown threw a monkey wrench into the IRS’ ability to process tax returns and issue refunds.

Cybercriminals are expected to take advantage of the confusion and turmoil, increasing their use of tax scams to steal personal information and email credentials.

Tax scams are attractive to hackers because of the breadth of personal information available on tax forms, including names, birth dates, social security numbers, wages, and addresses. In some cases, companies applying for employer identification numbers (EINs) were tricked into signing up via fake websites. Other scams involve tricking HR employees into changing direct deposit information, or companies hiring fraudulent tax preparers to handle their accounting.

W-2 scams are a common problem as well as a form of business email compromise attack. The cybercriminals impersonate a company executive using a spoofed account or an already compromised account and request W-2 forms. Most of these emails don’t contain malicious attachments or URLs, and because they are leveraging a legitimate (yet compromised) email account, they are difficult to detect or block using blacklists, signatures, URL protection, and sandboxing.

When successful, these attacks result in data from the W-2 being used for identity theft. Not only are victims compromised, but they also bear the cost of identity theft protection services moving forward.

Practical tips to avoid tax scams

Here are a few steps you should follow to help your customers avoid getting involved in tax scams:

  • Deploy advanced anti-phishing protection that leverages technology like machine learning to analyze communication patterns. Artificial intelligence and machine learning can also help detect account takeover attacks. Additionally, use DMARC (Domain-based Message Authentication, Reporting and Conformance) authentication and enforcement to help reduce domain spoofing.
  • Use data loss prevention (DLP) solutions and business policies to block emails that include W-2 forms and other sensitive documents from leaving the company’s servers. During tax season, perform regular searches for emails with tax form attachments or other tax-related information.
  • Step up security training around tax time to help raise awareness of tax fraud and perform additional phishing simulations to identify at-risk employees.
  • Make sure email accounts are protected with the right level of authentication, and robust password policies are in place.
  • Encourage customers to institute additional policies to protect against scams – like requiring verbal or in-person confirmation of any request for financial or other sensitive information, or wire transfers.
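The DLP bullet above (block W-2 forms from leaving the company, and search mail for tax-form attachments) can be expressed as a simple outbound check. This is an added example, not Barracuda code; the internal domain, the patterns, and the sample messages are constructed assumptions.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

# Assumption: the organization's own mail domains (constructed value).
INTERNAL_DOMAINS = {"customer.test"}

# Tax-form names as they appear in subjects, bodies and file names.
# The lookarounds treat "_" as a separator so "2018_W2_staff.pdf" matches.
TAX_FORM_RE = re.compile(
    r"(?<![a-z0-9])(?:w-?2s?|1099|wage and tax statement)(?![a-z0-9])", re.I)
# SSN-formatted values, excluding ranges that are never issued.
SSN_RE = re.compile(
    r"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)")


def evaluate_outbound(msg):
    """Return a DLP decision for one outbound EmailMessage.

    block  = tax-form signal and at least one external recipient
    review = tax-form signal, internal recipients only
    allow  = no signal
    """
    headers = [str(h) for name in ("To", "Cc", "Bcc")
               for h in msg.get_all(name, [])]
    recipients = [addr.lower() for _, addr in getaddresses(headers) if addr]
    external = sorted(r for r in recipients
                      if r.rpartition("@")[2] not in INTERNAL_DOMAINS)

    body = msg.get_body(preferencelist=("plain",))
    body_text = body.get_content() if body is not None else ""
    text = f"{msg.get('Subject', '')}\n{body_text}"

    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if TAX_FORM_RE.search(name):
            reasons.append(f"tax-form attachment: {name}")
    if TAX_FORM_RE.search(text):
        reasons.append("tax-form keyword in subject or body")
    ssn_hits = len(SSN_RE.findall(text))
    if ssn_hits:
        reasons.append(f"{ssn_hits} SSN-formatted value(s) in body")

    if reasons and external:
        action = "block"
    elif reasons:
        action = "review"
    else:
        action = "allow"
    return {"action": action, "external": external, "reasons": reasons}


def build_message(to, subject, body, attachment=None):
    """Build a constructed sample message for the checks below."""
    msg = EmailMessage()
    msg["From"] = "hr@customer.test"
    msg["To"] = to
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=attachment)
    return msg


if __name__ == "__main__":
    samples = [
        build_message("ceo@lookalike.invalid", "Re: W-2 forms for all staff",
                      "Attached as requested. Sample value 123-45-6789.",
                      "2018_W2_all_employees.pdf"),
        build_message("payroll@customer.test", "W-2 forms for review",
                      "Draft attached.", "2018_W2_all_employees.pdf"),
        build_message("vendor@partner.invalid", "Lunch Thursday",
                      "See you at noon."),
    ]
    for sample in samples:
        print(sample["To"], evaluate_outbound(sample))
```

The check reads only headers, the plain-text body, and attachment file names; inspecting attachment contents would need a document parser on top of this.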

Even tax preparers themselves are targets. Their files contain sensitive information and customer data, and last year the IRS reported receiving numerous reports from tax preparation firms that had been the victims of data theft. If your customers are using an outside firm to handle their taxes, make sure they have done their due diligence in evaluating their data protection systems and confirmed their validity by requesting a Preparer Tax Identification Number and verification of their CPA status.

If a customer becomes the victim of a W-2 scam, make sure they report the incident to the IRS and launch an internal investigation to determine the scope of the problem, eliminate malicious emails, and disable any compromised accounts.

Finally, remind customers of the following truths for detecting fraudulent messages: The IRS almost always contacts individuals through snail mail. They don’t call. They don’t e-mail. They don’t demand personal information or payment over the phone.

With security protocols and protections in place, your clients can get back to sorting through the confusing array of new tax rules and getting their returns filed on time.

Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.

Why Cybercriminals are Targeting MSPs (and How to Avoid Being Victimized)

More and more, hackers are targeting managed services providers (MSPs). This is because MSPs can be a weak link when it comes to security if they aren’t implementing the same security practices they encourage for their clients.

MSPs are an attractive target for attacks because of the network connectivity that exists between MSPs and their clients. Successful MSPs with a global client base are even more appealing because the MSP serves as a “hub” from which multiple attacks against other big targets can be launched. IT solution providers have intimate access to their customers’ networks and applications. That’s why groups like the Chinese hacker collective APT10 are targeting MSPs. Cloud-based platforms are also increasingly targeted by these groups and the attacks are likely to increase in number and frequency.

MSPs with a strong security offering are already providing plenty of protection for their clients, using available tools to stop malware and ransomware attacks. Not all MSPs are using those same tools for their businesses, however, which represents a blind spot in their IT infrastructure.

Consider the potential consequences if an MSP employee falls victim to a phishing scheme. Malware coming from a trusted MSP account presents a significant threat to every customer and vendor connected to that company.

Sophisticated phishing attacks can compromise user accounts, which allows cybercriminals to move quickly through the MSP’s customer accounts until they find those that have the highest level of access rights to client infrastructure, or to the most valuable assets.

Last year, the Australian Cyber Security Centre (ACSC) published its annual threat report, which included a description of a multinational construction services firm that was the victim of a malware attack via an MSP account. The company was defrauded out of $500,000.

According to the report: “The example highlights the risk that companies can be compromised through their service provider, without either the company or provider knowing. It also demonstrates the types of risks that organizations face when they outsource certain activities, or when they outsource with little consideration to security. When MSPs give other organizations access to their network, it can be exposed to that organization’s security posture — which effectively increasing their own risk.”

Security Begins at Home

What can MSPs do so they don’t put their clients’ networks at risk?

First, they shouldn’t ask their clients to implement security tools or practices that they aren’t willing to deploy in their own organization. It is important that they know where security starts and stops in the products and services they currently offer.

MSPs should train their employees to recognize potential threats and phishing emails on an ongoing basis. They are probably already doing this for their clients. Credential theft presents an enormous risk because of the potential damage that can be done in the cloud. MSPs should have phishing protection and two-factor authentication practices in place and use a VPN for cloud logins.

MSPs should also implement a robust security program around privileged accounts, and make sure they have a security management system in place to control access for employees, customers, and vendors.

Additionally, MSPs should use a unified threat protection agent so that they can deploy the security stack on both virtual and physical endpoints, and make sure to protect their data and clients’ data with robust backup and disaster recovery (BDR) solutions.

MSPs should make sure they can track data provenance across their infrastructure. By increasing their security footprint, they can strengthen security around the cloud environments their customers’ solutions are running in.

Security staff should have a real-time view of what is happening with their cloud-based virtual machines from a central location and the ability to conduct sophisticated analysis of out-of-the-ordinary events.

MSPs should make sure they are following industry requirements for highly regulated markets, such as the HIPAA security requirements for healthcare data. If not, the cost of a breach will be compounded by fines and other penalties for non-compliance.

Finally, MSPs should develop an incident response protocol, including who will be notified and when. That should also include a communication plan for all employees explaining how the breach happened, so they can help prevent the problem from repeating or spreading.

Clients rely on their MSPs to ensure uptime and secure their data. MSPs that aren’t looking within to spot potential vulnerabilities may be leaving their customers — and themselves — vulnerable to cyberattacks.

Cast A Wider Protection Net with Phishing Education

The Anti-Phishing Working Group reports that phishing attacks continue to increase every quarter, showing up most frequently in the payment, financial, and webmail sectors. Attackers are also increasingly targeting Software-as-a-Service (SaaS) applications and webmail providers. As a result, anti-phishing solution providers have reported activation rate increases over the past year that range from double-digit to quadruple-digit growth.

One highly effective airline phishing attack has had a more than 90-percent success rate in getting potential victims to open the e-mail. Even the best legitimate marketing campaigns rarely achieve open rates that equal a third of that — which points to just how crafty phishing scams have become.

The average employee receives upwards of 120 e-mails each day, and this proliferation of messages is one reason that phishing attacks have grown in frequency, sophistication, and effectiveness. MSPs have struggled to help their clients protect themselves against these wildly successful social engineering attacks. Simply providing educational information isn’t enough anymore.

Phishing e-mails trick people into providing passwords, banking account information, social security numbers, and other information by impersonating legitimate senders (e.g., banks, e-commerce sites, customers) and getting users to click through to imposter websites.

Most companies are already familiar with phishing but haven’t done much to beef up their security protocols other than cautioning employees about opening e-mails and attachments from unknown senders. But, the people sending these e-mails have gotten savvier, so most companies and their employees will need more detailed guidance about how to identify a potential phishing e-mail and what to do when they see one.

What can you do to better protect your customers?

Provide continuous education. Share real-life examples of phishing attacks, including information about what exactly constitutes an attack and the potential cost to employees and companies.

Offer regular guidance on how to identify phishing attacks, and provide resources your clients can easily share with their employees. Phishing e-mails share a few common attributes: They ask for personal information (like a password); they often include minor grammatical errors; and both the hyperlinks included and the sender’s e-mail usually don’t match their actual destination/origination points.

When there are high-profile phishing attacks in the news, use that as an opportunity to reinforce that education.

Implement ongoing training. Annual or biannual training on recognizing phishing attacks can help keep the topic (and the tell-tale signs of a phishing attack) fresh in employees’ minds. Help your clients create a regular training program and establish a schedule, along with providing periodic reminders or security newsletters for employees.

Use simulation to reinforce training. The use of simulated phishing to test the defenses of a company and help employees improve their ability to avoid these scams is becoming more common. Make simulation or computer-based training part of your own value-added services offering.

There are tools built for this, including Barracuda PhishLine, which turns employees into a line of defense through continuous training and attack simulation. In some cases, the training resources that are available have been “gamified” to encourage better user participation. For example, Carnegie Mellon offers a game called “Anti-Phishing Phil” that can be licensed and customized with an organization’s URLs and branding information.

Involve corporate leadership. Make sure top-level executives are included in this training and simulation activity. There are specific phishing scams (called “whale phishing”) tailored specifically for these wealthy individuals, and the C-suite is not immune to falling for them.

Establish processes both internally and for your customers to report phishing pages. Google has a site specifically for this type of reporting, as do other organizations like PhishTank. The Federal Trade Commission also accepts these reports.

Help customers create a robust patching regime. Even with all of the education and training in the world, employees will still occasionally fall for phishing scams. Having a regular, automated security update and patching regime in place will help mitigate the effectiveness of these breaches. System and software updates remain the best defense against these attacks.

It’s important for MSPs to stay up to date on the latest phishing scams to help their clients remain secure. It’s also important for MSPs’ internal security, as they are increasingly becoming targets of these attacks. The Anti-Phishing Working Group (APWG) provides a variety of resources for companies to help identify and avoid falling prey to phishing scams. Share the information with your clients and encourage them regularly to revisit their own security processes in light of new threats. Doing so can help them protect both their corporate data and employees’ personal information. You can also take the “Ultimate Phishing Quiz” to learn if you have what it takes to help your customers avoid a phishing scam.

5 Areas Your Office 365 Customers Need Extra Help

While Office 365 adoption continues to skyrocket, so do your customers’ security, compliance and other business needs, which all require your expertise.

Within the past three years, Microsoft has made an impressive transformation in its quest to become a subscription company where customers rent rather than buy software. In fact, a survey conducted by Barracuda Networks in April 2017 with customers in North America, Europe, the Middle East and Africa found adoption of Office 365 increased more than 50 percent between April 2016 and April 2017. While companies are becoming more comfortable giving up control of their data and IT infrastructures to a third party, it doesn’t mean they’re completely confident — nor should they be.

While there are many business benefits of going to the cloud, it comes with a whole new set of risks and responsibility, much of which requires your professional IT expertise.

The Shared Responsibility Model

One of the biggest misconceptions companies have about moving workloads to the cloud is where the responsibility of securing the workloads lies. When engaging prospects or customers about any public cloud service, like Office 365, it’s important to make sure they understand that the public cloud is built on a “shared responsibility model.” This means that while the provider is responsible for security, the customer also bears part of that burden.

Where this can become confusing to customers is when they see, for instance, that Microsoft includes antivirus and backup with its operating system, plus Outlook includes a spam filter. At first glance it appears like Microsoft is taking “full responsibility” for security, and that’s what the majority of business users do think, as evidenced by Barracuda’s research. Not only is that not the case, there are five specific areas where public cloud users need additional support in order to ensure their data is protected and their businesses are in compliance with industry regulations:

Endpoint Security — Many organizations use traditional firewalls to secure cloud workloads and applications. Although perimeter-based firewall architectures are highly effective in a datacenter, they can become sources of friction when deployed in the public cloud. One of the main problems is that next-generation firewalls are purpose-built for datacenter architectures where everything is tightly coupled and traffic flows through firewalls that scale vertically. However, public cloud best practices dictate building loosely-coupled architectures that scale horizontally (i.e., elasticity). For Office 365 deployments, a cloud generation firewall, which integrates tightly into the public cloud providers’ management fabric and provides security without compromising performance, should be deployed.

Compliance — Many organizations fall under strict email and document retention regulations, where failure to comply can lead to fines or other repercussions. By default, Office 365 data that is deleted becomes non-recoverable after 30 days. Longer retention times are only possible with more expensive editions of Office 365. And, if a client cancels its subscription, its data is automatically deleted after 90 days. MSPs should be aware of their clients’ data storage and archiving requirements and offer backup and disaster recovery (BDR) services that help customers comply with regulations — regardless of which Office 365 edition they’re using — in addition to meeting customers’ recovery time objectives (RTO) and recovery point objectives (RPO), which could exceed their Office 365 service level agreement (SLA).

Liability — The Office 365 terms of service currently limit Microsoft’s liability to $5,000, or an organization’s last 12 months of subscription fees, should anything happen to its data — assuming the subscriber can prove the loss was Microsoft’s fault. In contrast, the liability an organization might face from clients, partners or auditors for losing its Office 365 data could far exceed its compensation from Microsoft. For customers facing this level of risk, it’s important to keep a copy of their Office 365 data in a secure, non-Microsoft repository, either in a second cloud environment or on premises.

Audit Rights — The Office 365 terms of service give organizations no audit rights. This is problematic if, for instance, an organization is required to show the physical location of its data. Maintaining a backup copy of Office 365 data in a secure location that is auditable may be an acceptable way for MSPs to help customers work around the problem.

Human Error — Despite all the best security measures, users can still perform high-risk actions within cloud-based applications, whether their high-risk behavior is accidental or malicious. For example, regardless of whether they are using Office 365 or on-premises resources, when users click on infected attachments or links to malicious websites sent as part of a phishing scam, they open the door to ransomware and increase the risk of their account credentials being compromised and used by third parties to access corporate data. According to research from Skyhigh Networks, the average organization experiences 2.7 threats each month within Office 365 including:

  • 1.3 compromised accounts each month, such as an unauthorized third party logging in to a corporate Office 365 account using stolen credentials
  • 0.8 insider threats each month, such as a user downloading sensitive data from SharePoint Online and taking it when they join a competitor
  • 0.6 privileged user threats each month, such as an administrator provisioning excessive permissions to a user relative to their role.

In addition to helping customers develop security policies and best practices and providing security training, multilayer advanced threat protection solutions can help mitigate the above risks along with ransomware and other cyberattacks that are on the rise.

As customers continue to shift IT workloads to the cloud, the challenge is not only protecting sensitive information against internal and external threats, but also retaining the same compliance policy enforcement for on-premises applications. With just a few clicks, an employee can share an entire folder containing sensitive data with another user outside the company in violation of a compliance regulation. Under a shared responsibility model, Microsoft takes ownership of securing its platform, but Office 365 subscribers are responsible for the safe and compliant use of Office applications. As customers and prospects migrate to Office 365, security, compliance and business continuity are all critical topics that must be addressed to ensure their data is protected.

Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.

Where To Host Data: 3 Factors For MSPs To Consider

Should you build, lease or outsource your data center?

Five years ago, the prevailing wisdom was that, given a choice between building a new data center and using a hosted service, the former option was the smarter move. Even Gartner favored this approach, stating that the cost of renting rack space in a hosted data center was doubling every two years. Quite a bit has changed since then, including the maturation of outsourced offerings from public and private cloud providers. These offerings present another viable option for IT solution providers to consider. When deciding which model is right for your business, keep the following three factors in mind.

1. Time

To operate your own data center, you need to consider not only the amount of time required to operate and maintain the facility, but the time required to manage the infrastructure, applications, and data. In most cases, MSPs need to assign one or more employees to management tasks. In addition, they may need to hire more employees to oversee the physical environment and ensure that all machines are running properly.

The big question is: Are you making more money by paying a technician to manage your data center, or could that person bring in more revenue for your business performing billable activities for your customers? MSPmentor’s latest research suggests most IT service providers are opting out of running their own data centers because that allows them to apply technical resources to more profitable tasks.

2. Cost

A common error that MSPs make when comparing data center options is to focus only on the cost of managing data and servers. If you decide to either build your own or lease space in a co-location facility, you also need to consider the cost of running that facility, including bandwidth and cooling costs. If employees are going to drive between your corporate office and the data center facility, those costs need to be taken into account as well.

Other commonly overlooked costs include hardware refreshes, which need to be performed on a regular basis, and equipment depreciation as an element in long-term budget planning.

Next, think about the cost of additional backups for your customers’ data. How much is it going to cost if you need to increase capacity for additional backup sets? Say you have a handful of customers with 10 terabytes of data. Are you prepared to support this amount of data? Not to mention, is all the data mirrored to additional facilities for redundancy?

3. Compliance

If your customers are in regulated industries such as health care, finance or retail, you’ll need to ensure your data center complies with industry regulations. This will likely entail hiring someone who’s an expert in compliance standards, and you’ll need to go through outsourced compliance audits.

Keep in mind that many regulations require data to be stored in a particular way and secured using specific procedures. For example, HIPAA requires data to be encrypted at rest and in transit to the cloud. It also requires SSL (Secure Sockets Layer) procedures be used to grant web access to the data.

Since compliance involves both expertise and the ability to implement specific solutions, you may be surprised to find that outsourcing these services to a trusted third-party cloud provider is actually the easier — and more profitable — solution in the long run.

Before you decide to build your own data center or lease space in a co-location facility, be sure to consider the time commitment, costs and compliance requirements that go along with these options. Your research should lead you to the solution that helps you provide the best service to your clients.

By Chris Crellin, Senior Director of Product Management for Intronis

Senior Director of Product Management Chris Crellin leads product strategy and management for Intronis. Over the past 15 years, Chris has developed a strong record of successfully developing product strategy and driving execution from concept to delivery. Chris joined Intronis from Backupify/Datto, Inc., where he was responsible for product strategy and execution of their cloud backup SaaS portfolio. Prior to Datto, he spent 14 years with RSA, the Security Division of EMC. He was the lead product manager for the RSA SecurID portfolio after having started his career as a software engineer.


2 Smart Ways to Protect Your Customers From Phishing Attacks

One of the most common ways cybercriminals dump malware payloads onto your customers’ networks is via phishing attacks sent through email. Are you doing everything you can to stop this threat?

Whether cyber criminals are seeking passwords, credit cards, or other sensitive information, the fastest and easiest way for them to get past security defenses is by recruiting your customers’ employees to do some of the legwork. More than 90 percent of these types of attacks, called phishing attacks, come in the form of email. It could appear to be an email from a bank, for example, warning the recipient about the need to update their information. Or, it could be a message from a carrier company informing the recipient about an unclaimed package.

Tens of thousands of companies have been infected with ransomware over the past year, and most breaches originated from phishing attacks where unsuspecting employees took the bait.

There are lots of ways companies can protect themselves from phishing attacks. But, the following two tips highlight the most effective, quickest, and least costly ways MSPs can help their customers fight this threat.

Tip #1: Provide Security Awareness Training

Phishing attacks are about cybercriminals fooling employees into providing sensitive company information — either directly or by clicking a link or attachment that launches malware that steals it. A study released last year by CompTIA, based on input from more than 700 executives and business professionals, found that human error accounted for 52 percent of security breaches. According to the same study, only 54 percent of those surveyed said their company offers some form of cybersecurity training. This statistic is both surprising and alarming, especially when one considers that nearly a third (29 percent) of MSPs only discuss cyber security with clients when a breach or failure occurs.

Security awareness training is a great way for MSPs to build a better rapport with their customers, provide a valuable, much-needed service, and add a viable revenue stream to their business all at the same time. There is no downside.

Training can be delivered in a variety of formats ranging from in-person classroom-style to self-paced online training using multimedia presentations. The training should include security basics, such as not writing passwords on sticky notes. But, the most important goal is to instill healthy skepticism about opening attachments or clicking on links from any entity the user did not request information from. It’s also not a bad idea to validate the effectiveness of the training with a quiz and/or through social engineering testing whereby the MSP poses as a cybercriminal to validate whether the customer takes the bait.

Employees who understand their role in cyber security are much less likely to take the bait. According to PwC’s 2014 U.S. State of Cybercrime Survey, companies that train their employees about cybersecurity best practices spend 76 percent less on security incidents than their non-training counterparts.

Tip #2: Use Cloud-Based Anti-Phishing Protection

Traditional email filters have been the bane of many MSPs’ — and their customers’ — existence. These tools often falsely quarantine legitimate emails containing links or attachments. Or, if they are configured to allow emails with attachments and links, they stop only the most obvious spam messages.

Advances in algorithms and cloud technology, however, make it worth taking a second look at email security solutions. Today’s cloud-enabled email security solutions use advanced behavioral and heuristic detection systems that protect against spoofing. For example, a phishing email claiming to be from FedEx can be immediately removed based on the sender’s email not matching up with its claimed identity. Some email security solutions offer domain name validation, too, which provides additional security protection by confirming the email was sent from a reputable source.

Emails that pass the initial spoof tests are then scanned and monitored against anti-phishing databases, which are constantly being updated in the cloud. MSPs and IT admins can create quarantines, exception lists, and blocked sender lists on a per-user or per-organization basis for additional protection. Finally, cloud-based management capabilities give MSPs and IT admins a global view of all installed devices as well as centrally managed policies and configurations, allowing them to make updates and detect and respond to threats more quickly.
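One way to implement the spoof test described above, as an added example that is not code from any vendor's product: it compares the brand in the display name with the sending domain and reads the DMARC verdict only from the receiving gateway's own `Authentication-Results` header. The brand map, the `mx.example.net` gateway name and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand keywords mapped to the domains allowed to use them.
BRAND_DOMAINS = {"fedex": ("fedex.com",)}
# Assumption: the authserv-id our own inbound gateway stamps on messages.
TRUSTED_AUTHSERV = "mx.example.net"

# Constructed sample messages (not real mail).
SPOOFED = (
    'From: "FedEx Delivery" <tracking@fedex-parcel-notice.example>\n'
    "Reply-To: claims@mailbox.example\n"
    "Authentication-Results: mx.example.net; spf=pass "
    "smtp.mailfrom=fedex-parcel-notice.example; dmarc=none\n"
    "Subject: Unclaimed package\n\nPlease confirm your address.\n"
)
LEGIT = (
    'From: "FedEx Delivery" <tracking@fedex.com>\n'
    "Authentication-Results: mx.example.net; dkim=pass header.d=fedex.com; "
    "dmarc=pass header.from=fedex.com\n"
    "Subject: Delivery update\n\nYour package is on its way.\n"
)
# The sender supplied its own Authentication-Results header claiming a pass.
FORGED_RESULT = (
    'From: "FedEx Delivery" <tracking@fedex-parcel-notice.example>\n'
    "Authentication-Results: mail.sender.example; dmarc=pass\n"
    "Subject: Unclaimed package\n\nPlease confirm your address.\n"
)

def _domain(header_value):
    """Return the lower-cased domain of the address in a header value."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def _in_domain(domain, allowed):
    """True if domain equals, or is a subdomain of, an allowed domain."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw_message):
    """Return a list of spoofing findings for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []
    display, _ = parseaddr(msg.get("From", ""))
    from_domain = _domain(msg.get("From"))

    # Claimed identity (display name) versus the domain that actually sent it.
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not _in_domain(from_domain, allowed):
            findings.append(f"display-name-mismatch:{brand}")

    # Replies routed to a different domain than the visible sender.
    reply_domain = _domain(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        findings.append("reply-to-mismatch")

    # Domain validation: trust only the verdict written by our own gateway.
    dmarc = None
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # header added upstream, possibly by the sender
        match = re.search(r"\bdmarc=(\w+)", results)
        if match:
            dmarc = match.group(1).lower()
    if dmarc is None:
        findings.append("no-trusted-dmarc-result")
    elif dmarc != "pass":
        findings.append(f"dmarc-{dmarc}")
    return findings

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT), ("forged", FORGED_RESULT)):
        print(name, check_sender(raw))
```

The third sample shows why the gateway name matters: a `dmarc=pass` line written by anyone other than the receiving gateway is ignored rather than believed.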

The outdated break-fix paradigm was, “I make money when my customer’s IT stops working.” As an MSP, you are a trusted business partner and IT expert who has a vested interest in keeping your customers up and running. What better way can you fulfill this role than by taking a couple of proactive steps to protect your customers from cyber threats that can cause irreparable damage to their reputation and bottom line? They desperately need help. And, with a little effort and a simple technology upgrade, you can give it to them.

By Chris Crellin, Senior Director of Product Management for Intronis


4 Data Protection Do’s and Don’ts

A business continuity and disaster recovery (BCDR) solution plays a critical role in protecting your customers from a wide range of threats and disasters if you follow a few basic best practices.

Most MSPs would agree that BCDR is a core technology that every customer needs. But, too many IT solution providers think of BCDR as little more than a checklist item, which once installed is all but forgotten. For the most part, backed up files and systems are the last thing on anyone’s mind. At some point, however, someone will delete an important file, a system will get infected with ransomware, or a hard drive will fail and that forgotten backup will become all-important. By following a couple of best practices (the “do’s”) and avoiding a couple of common pitfalls (the “don’ts”), you can use these opportunities to affirm your customer’s decision to choose your company as its trusted business advisor.

#1: Do Avoid Cost-Per-Gigabyte Backup Plans

In the past, backing up data to the cloud was often sold by the gigabyte with price reductions given once specific thresholds were met (e.g. a 10 percent cost-per-gigabyte [CPG] reduction after reaching the 100 GB level). These data plans were often cost-prohibitive for many SMBs, resulting in a difficult sell for MSPs — especially if they wanted to offer fixed-fee plans.

Another downside with CPG plans is that they lead to tedious discussions between MSPs and their customers about prioritizing which data is important enough to be backed up to the cloud and which data is backed up locally only. Not only do these conversations waste time, they add unnecessary complexity to the BCDR process. Plus, customers may regret their decisions about what’s critical and what’s not after something goes wrong.

Within the past few years, cloud backup costs have come down significantly, and some cloud providers have done away with their former CPG pricing models, using block pricing and other innovative approaches that allow MSPs to back up all of their customers’ data without all the fuss and that provide projectable costs, making it easier to run their business. If your BCDR vendor hasn’t evolved with the times, it may be time to find a new provider.

#2: Don’t Let Customers Manage Backups Themselves

There are lots of choices when it comes to backup software, and there is no doubt your customers can find cheaper alternatives to your BCDR offering, including solutions from Microsoft and Apple that come with their operating systems at no extra cost. While it may be tempting to allow customers to use these or other consumer-grade backups as “good enough” data protection, you can be sure this decision will come back to haunt you when the customer needs to recover a lost file or roll back its system to a pre-infected state.

Consumer backup apps offer limited features and functionality. For example, if a customer accidentally deletes a file, you don’t want to perform a two-hour system image restore to retrieve it. Plus, consumer backup applications are not managed, so even if the backups work properly early on, events such as software updates and system patches can cause backups to stop working without warning.

With a managed BCDR solution, on the other hand, each customer’s computers and servers can be viewed from a web-based portal. If a backup fails, an automated alert lets you know right away, and in many cases the problem can be fixed remotely.

#3: Do Include Data Recovery Parameters in Your SLA

Some SMBs (and MSPs) put so much emphasis on backing up data, including creating backups in multiple locations and ensuring the health of their backups, that they neglect the other part of the equation, which is recovery. For instance, if a customer’s server crashes, and it takes three days to procure and build a new server and restore the data, your customer may lose a dozen clients and be on the brink of going out of business by the time everything is back up and running. Although the data was “protected,” an unacceptable recovery time devalues the solution.

To avoid this scenario, it’s important to address your customers’ RTO (recovery time objective) and RPO (recovery point objective) needs ahead of time. If, for example, your customer has a two-hour RTO and it can’t lose more than four hours’ worth of data (i.e. a four-hour RPO), then you need to ensure your BCDR solution can meet those objectives. And the details of your RTO and RPO commitment must be spelled out in your SLA (service level agreement).

#4: Don’t Wait For Disasters to Validate Your Data Recovery Strategy

While managed BCDR solutions offer some peace of mind that backups are working as planned (e.g. successful backups show up in green, failed backups show up in red), there is one further step you should take to avoid the small chance of getting burned by a “false positive.” The extra step entails periodically validating your recovery plan. With traditional backup and recovery apps, performing recovery tests is highly impractical, especially if you are attempting to recover a 1 TB (or greater) physical image.  

If, however, your BCDR solution supports virtualization, you can perform a virtual machine (VM) restore in a fraction of the time it takes to do a physical image recovery. Additionally, you can perform the recovery in an environment that’s dissimilar to the production environment, which eliminates the necessity of building duplicate servers and drivers before beginning the restore process. What’s also attractive about performing a VM restore is that it can be performed without disrupting the customer’s production environment and with minimal effort on your part.
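The RTO/RPO commitment from #3 and the periodic restore tests from #4 can be checked together against job history. The following is an added example, not code from any BCDR product: it uses the two-hour RTO and four-hour RPO from the text, while the job log format, test names and timestamps are constructed assumptions.

```python
from datetime import datetime, timedelta

RPO = timedelta(hours=4)  # maximum tolerable data loss, from the example SLA
RTO = timedelta(hours=2)  # maximum tolerable time to restore

# Constructed backup job log: (completion time, status), one job every 3 hours.
JOBS = [
    (datetime(2024, 1, 1, 0, 0), "success"),
    (datetime(2024, 1, 1, 3, 0), "success"),
    (datetime(2024, 1, 1, 6, 0), "failed"),
    (datetime(2024, 1, 1, 9, 0), "success"),
]
NOW = datetime(2024, 1, 1, 11, 0)

# Constructed restore-test results: (test name, measured time to restore).
RESTORE_TESTS = [
    ("file-server VM restore", timedelta(minutes=45)),
    ("database physical image restore", timedelta(hours=3, minutes=10)),
]

def rpo_gaps(jobs, now, rpo=RPO):
    """Return (start, end) windows in which no restore point was newer than rpo.

    Only successful jobs create restore points, and the window from the last
    success up to `now` counts too, since a crash right now would lose it.
    """
    points = sorted(ts for ts, status in jobs if status == "success")
    if not points:
        return [(None, now)]  # no usable restore point at all
    points.append(now)
    return [(a, b) for a, b in zip(points, points[1:]) if b - a > rpo]

def rto_misses(restore_tests, rto=RTO):
    """Return the restore tests whose measured duration exceeded the RTO."""
    return [(name, took) for name, took in restore_tests if took > rto]

def sla_report(jobs, restore_tests, now):
    """Summarise whether the backup history and restore tests meet the SLA."""
    gaps = rpo_gaps(jobs, now)
    misses = rto_misses(restore_tests)
    return {
        "rpo_met": not gaps,
        "rto_met": not misses,
        "rpo_gaps": gaps,
        "rto_misses": misses,
    }

if __name__ == "__main__":
    report = sla_report(JOBS, RESTORE_TESTS, NOW)
    for start, end in report["rpo_gaps"]:
        print(f"RPO exceeded: no restore point between {start} and {end}")
    for name, took in report["rto_misses"]:
        print(f"RTO exceeded: {name} took {took}")
```

In the sample data a single failed job in a three-hour schedule leaves a six-hour window without a restore point, which breaks a four-hour RPO even though every other job shows green.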

Eventually your customer is going to face a situation that requires data to be restored from a backup, whether it’s a single file that was deleted or an entire network of files encrypted by a ransomware infection. Whether the recovery is a success or a flop, you can be sure of one thing – your company’s reputation will be tied to this experience no matter what. Be sure to accept this fact ahead of time, and follow the safeguards mentioned earlier to ensure their experience is so positive that you can use that customer for a testimonial afterward.

By Chris Crellin, Senior Director of Product Management for Intronis


4 Disaster Recovery Plan Errors To Shield Your Clients From

Smart business owners know they need a disaster recovery plan. Some will even proactively approach their IT service provider about creating one to help protect their business. After all, you never know when a disaster could strike, whether it’s a fire, a flood or equipment failure, and that leaves critical information vulnerable to data loss.

Of course, not all small business customers will be this forward-thinking. Usually as an MSP, you will need to be the one to bring up disaster recovery planning with your customers. However, even if a customer or prospect tells you they already have a disaster recovery plan in place, it’s important to follow up and make sure they aren’t making any of these common mistakes that could mean their data isn’t as protected as they think it is.  

1. Never Testing The Plan

Testing is a vital step in creating a disaster recovery plan, and unfortunately, it’s a step that many businesses overlook. Having a disaster recovery plan on paper is good, but it will only take you so far. Testing the plan will uncover flaws and help you find ways to improve or clarify parts of the plan that may have been confusing. It’s always better to uncover these types of issues in a test environment instead of learning the hard way during a real-world disaster scenario. Testing does take extra time, but it will be well worth it in the end if it means being able to successfully restore a customer when the time comes.

2. Failing To Communicate The Plan

Another reason testing is crucial is that it gives the customer and their employees a chance to practice and make sure everyone knows what their responsibilities are in a disaster recovery situation. Many businesses make the mistake of not communicating their disaster recovery plan properly to everyone in the organization, and that can lead to failure when disaster does strike.

As an MSP, you can help customers communicate their plan clearly to all of the relevant stakeholders. Try holding a meeting with everyone involved to explain the overall plan and their specific responsibilities in it. It’s also a good idea to provide documentation to be shared with each person for review and reference.  

3. Overlooking Critical Data

Disaster recovery plans are only helpful if they’re complete, and it’s easy for businesses to forget about mission-critical data that isn’t stored locally. For example, if a customer has branch locations in addition to a central office, it’s important to make sure data stored at the branches is taken into account when you help the customer create a DR plan as well.

Bring-Your-Own-Device (BYOD) policies are also creating potential pitfalls for disaster recovery plans as more and more critical information is finding its way onto tablets, smartphones and laptops of employees working remotely. Remember to address BYOD with customers during the planning process to make sure this information is protected properly as well.

4. Skipping Regular Audits

Disaster recovery planning isn’t a fix-it-and-forget-it type of project. Business operations and IT environments can change over time, and disaster recovery plans need to keep up. That’s why it’s important to conduct regular audits of the DR plans you help your SMB clients create to make sure they continue to meet the business’s needs. I suggest holding annual DR audits for each of your customers, but it’s good to check in with them more frequently than that to see what’s changing in their IT environments and if there are any new applications or devices that will need to be protected and added to the plan as well.

If you can help your SMB customers avoid these four common disaster recovery plan mistakes, you’ll be well on your way to better protecting their IT environments, and you’ll be able to rest a little easier knowing their data is safe. Going through the disaster recovery planning process can also help you build deeper, more strategic relationships with your customers, which can help you grow your business in the end, too.  

By Chris Crellin, Senior Director of Product Management for Intronis
